ref: https://tailscale.com/kb/1019/subnets#connect-to-tailscale-as-a-subnet-router and https://tailscale.com/kb/1214/site-to-site
If your Linux system has a /etc/sysctl.d directory (check with ls /etc/sysctl.d/), use:
echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf
echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf
sudo sysctl -p /etc/sysctl.d/99-tailscale.conf
Otherwise:
echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.conf
echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.conf
sudo sysctl -p /etc/sysctl.conf
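The tee -a commands above append a new line on every run, so a file can end up with duplicate or conflicting forwarding settings. The following is an added example, not part of the original notes or of Tailscale's tooling: it reports which value wins for a key and rewrites the file so the key appears exactly once. The function names effective_value and set_sysctl_line are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not Tailscale tooling.

# effective_value FILE KEY
# Print the value that "sysctl -p FILE" ends up applying for KEY. Lines are
# applied in order, so the last assignment wins. Prints nothing if unset.
effective_value() {
    awk -v k="$2" '
        /^[ \t]*[#;]/ { next }              # skip comment lines
        {
            i = index($0, "=")
            if (i == 0) next
            name = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", name)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (name == k) last = val
        }
        END { if (last != "") print last }
    ' "$1"
}

# set_sysctl_line FILE KEY VALUE
# Leave exactly one "KEY = VALUE" line in FILE: earlier assignments of KEY
# are dropped, comments and other keys are kept.
set_sysctl_line() {
    file=$1; key=$2; value=$3
    tmp=$(mktemp) || return 1
    if [ -f "$file" ]; then
        awk -v k="$key" '
            /^[ \t]*[#;]/ { print; next }   # keep comments
            {
                i = index($0, "=")
                name = (i > 0) ? substr($0, 1, i - 1) : $0
                gsub(/^[ \t]+|[ \t]+$/, "", name)
                if (name != k) print        # drop old assignments of KEY
            }
        ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    fi
    printf '%s = %s\n' "$key" "$value" >> "$tmp"
    cat "$tmp" > "$file"; rc=$?
    rm -f "$tmp"
    return "$rc"
}
```

Run as root, `set_sysctl_line /etc/sysctl.d/99-tailscale.conf net.ipv4.ip_forward 1` replaces the first echo line above; the sysctl -p step stays the same.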
Home network: 192.168.8.0, router ip 192.168.8.1
tailscale up --advertise-routes=192.168.8.0/24 --accept-dns=false --accept-routes
To show the originating device's IP instead of the subnet router host's, add --snat-subnet-routes=false:
tailscale up --advertise-routes=192.168.8.0/24 --accept-dns=false --accept-routes --snat-subnet-routes=false
Approve the advertised routes on https://login.tailscale.com/admin/machines
IMPORTANT NOTES:
GL-iNet tends to reset Tailscale (imo the LAN/WAN toggles are decorative), which breaks the subnet/S2S routing feature.
A router reboot is needed to make it work, and for other routers to acknowledge the new IP route
(e.g. the home router broke the subnet after an internet loss, or when using a Wi-Fi repeater the Tailscale subnet stopped working; a travel router was used to connect using ts.net to then fix subnet routing, and after the fix the travel router still had to be rebooted for the changes to get noticed)
OpenWRT - Make sure to allow access to web/ssh from other networks https://forum.openwrt.org/t/allow-ssh-on-wan/74995/2
Good to know:
Tailscale ports:
To allow direct connections, permit UDP port 41641 to ingress through the firewall.
For direct connections between VMs, also add an outbound firewall rule allowing UDP port 3478.